Jason Mills, IT manager at Cooper Grace Ward, speaking at the Evolve 2013 conference.
It may have started out as a way of simplifying an increasingly complicated IT environment, but Brisbane law firm Cooper Grace Ward (CGW) has found its virtual desktop infrastructure (VDI) investment is also delivering improved remote-access security, data protection and integrity of sensitive information.
CGW’s move to adopt a VDI infrastructure came as the company was looking at ways of improving the flexibility of its desktop standard operating environment (SOE) so that it could be more easily administered, and accessed from anywhere by the firm’s highly mobile lawyers and other employees. One of the firm’s lawyers, for example, works full-time from Cairns.
The ensuing implementation was a significant learning experience for IT manager Jason Mills and his colleagues, who set about building a modern SOE based on Microsoft Windows 7 and Windows 2010, and delivering it via VMware’s View VDI server. The environment worked great in trials on the local network, but when it was rolled out to the field the team were deluged with complaints that it wasn’t responsive enough.
“We had developed this new SOE but had developed it only on View, and never compared it to our old physical desktops,” Mills told attendees at the recent Evolve 2013 security conference.
“We gave the new SOE to someone using View, and they said the old desktop was terrible – but that was where we got trapped. We had gone from Windows XP and Office 2003 to Win 7 with all these new apps, and had to optimise our [SOEs] for Windows 7.”
If managing the actual application delivery was one crucial challenge, ensuring the security of the new environment was another. The VDI model centralised the risks of the desktop model by moving images onto a centralised server – but it also forced the team to reconsider its methods of protection, because the VDI images would be accessed on iPads and other staff devices in a model that requires its own security considerations.
The PC over IP (PCoIP) protocol, developed by Teradici and built into VMware View, offered a robust solution because its built-in encryption helped guarantee the integrity of the SOE streams between server and client device. This offered a level of assurance for a workplace environment in which confidential data is regularly moving around the corporate network.
The firm also implemented Trend Micro Deep Security, a virtualisation tool designed to give VDI environments agentless protection including anti-malware, intrusion detection and prevention, firewall, Web application protection, integrity monitoring, and log inspection capabilities.
“Instead of having all the information on the desktops, it’s housed in the data centre,” Mills said. “We’re not storing anything locally on the iPads, and we’ve got endpoint protection for the SOEs. Even before you connect the device it’s doing authentication at the SDK level.”
Having been through the process, Mills said the shift to VDI had cost around 10% more than the conventional approach but had delivered savings – for example, from the reduction of the previous 2.5 helpdesk staff to just one person – and operational benefits such as end-to-end encryption that supports data governance objectives.
“We have empowered users that can go where they want and when they want, and do all the things that users do,” Mills said. “We’ve got more efficient and smaller IT teams, we’re a bit more agile where we can make changes and we’ve got less reliance on physical hardware – and we’ve got a flexible, secure, and consistent environment that has been fantastic for us.”